Interception of communications

Approximately three years after it was enacted, the Regulation Of Interception Of Communications And Provision Of Communication-Related Information Act, 2002 or RICA, was brought into force by Government Gazette 28075 on 30 September 2005. This substantially changes the law relating to the interception of communications for not only Internet Service Providers but also for all businesses, as it regulates the way in which communications can be intercepted.

As a general rule all businesses should - if they haven't already done so - draft an Electronic Communications Policy which details which communications at work are not private and which may therefore be intercepted. Once it has been agreed to by the employees, consent has then been obtained in terms of section 5 of RICA to intercept communications. This is vital if the employer plans to be able to legally monitor its employees.

Not only one's employees but also clients should know that they are being monitored. Some ways of putting this into practice include email disclaimers and automated telephone messages indicating that the conversation may be recorded.

If this is not done then the employee may have a reasonable expectation of privacy at the workplace which means that several considerations come into play to determine whether an interception of communications (in whatever form that might be) is lawful.

The first requirement is that the monitoring of the communications (emails, internet etc) must be authorised by the CEO or the person who the CEO delegated to authorise this. Secondly the communication must relate to the business of the employer or be communicated in the course and scope of the employees' duties and using the employer's facilities. Finally the monitoring must have been for the purpose of establishing the existence of facts, to detect unauthorised use of communications systems or to secure the effective operation of the communications system. "Reasonable" efforts must also be made to make the employees aware of the monitoring in advance.

What this Act really impacts upon is privacy. Privacy is a difficult area in law - too little knowledge of your employees' activities exposes you financially, and too much intrusion alienates your employees and can lead to an abuse of power. The real trick is to identify the assets that you need and then implement a system that balances a respect for your employees' privacy with your need to know. In order to do this, each business should implement a system that is specifically customised for their needs, and which uses a software product that supports this ability. Once the business has implemented the system, the most important part of monitoring employees is telling them that they are being monitored. It gets a whole lot harder to say there was a reasonable expectation of privacy when you know that you are being monitored and experience has shown that disclosing the use of monitoring software is far better than keeping its existence a secret.

Paul Esselaar
Electronic Law Manager
Korbitec Solutions (Pty) Ltd